From beb62dc163ee995a9fbe362807c132bf8edd1e09 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 15 May 2020 12:06:34 +0200 Subject: [PATCH] fix: condition location --- rules/windows/malware/win_mal_blue_mockingbird.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml index d7ce7fa34..c40f28d76 100644 --- a/rules/windows/malware/win_mal_blue_mockingbird.yml +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -14,7 +14,8 @@ date: 2020/05/14 falsepositives: - unknown level: high -condition: 1 of them +detection: + condition: 1 of them --- logsource: category: process_creation